Migrate the client-side extensions configuration
We can migrate the WS-Security client-side extensions configuration for a Java EE Version 1.3 application to a Java EE V1.4 application.
The following table lists the mappings of the top-level sections under the client-side Security Extensions tab for WS-Security from a Java EE V1.3 application to a Java EE Version 1.4 application.
Table 1. The mapping of the configuration sections
Java EE V1.3 security extensions for WS-Security Java EE V1.4 extensions for Web services security Request Sender Configuration Request Generator Configuration Response Receiver Configuration Response Consumer Configuration
Consider the following steps to migrate the client-side extensions configuration from a Java EE V1.3 application to a Java EE Version 1.4 application. These steps are dependent upon the specific configuration. The steps are based on typical scenarios, but the steps are not all-inclusive.
- Migrate the message parts that we need to sign or encrypt from the Integrity and Confidentiality sections in the Java EE V1.3 application to the Integrity and Confidentiality sections on the WS Extensions tab in an assembly tool for a Java EE V1.4 application.
- Set the Security Token section under the Request Generator Configuration on the WS Extensions tab if Login Config section is configured in the Java EE V1.3 extensions configuration.
When you configure the security token, select the token type in the Token type field that matches the authentication method value of the Login Config in the Java EE V1.3 application. For example, if the authentication method in the Java EE V1.3 extensions configuration is BasicAuth, then select Username in the Token type field within the assembly tool.
See on how the authentication methods for WS-Security map from a Java EE V1.3 application to a Java EE Version 1.4 application, see Authentication method to token type mappings. If the authentication method is IDAssertion, there is no action required because in a Java EE Version 1.4 application the identity assertion configuration is not required in the client-side extensions configuration. In a Java EE V1.4 application, the identity assertion configuration is specified in the server-side extensions configuration and in the client-side bindings configuration.
- Migrate the Required Integrity and Required Confidentiality sections by configuring the Required Integrity and Required Confidentiality sections in an assembly tool. Migrating the Response Receiver Configuration section is similar to migrating the Request Receiver Service Configuration Details section of the server-side extensions configuration.
See Migrate the JAX-RPC server-side extensions configuration.
- Migrate the nonce configuration in the Login Config section in a Java EE Version 1.3 extensions configuration for WS-Security to a Java EE Version 1.4 application.
Nonce is not configured in a Java EE Version 1.4 extension file for WS-Security. Rather, it is configured in the binding file for WS-Security.
To configure a nonce in the binding file, define the com.ibm.wsspi.wssecurity.token.username.addNonce property in the token generator of the username token.
- Set the Add Timestamp section under the Request Generator Configuration in the assembly tool if the Add Created Time Stamp option is configured in the Java EE V1.3 extensions.
Results
This set of steps describe the types of information that we need to migrate the client-side extensions configuration for WS-Security for a Java EE Version 1.3 application to a Java EE V1.4 application.
Next steps
Migrate the server-side bindings configuration for a Java EE Version 1.3 application to a Java EE V1.4 application. For more information, see Migrate the server-side bindings file.
Related tasks
Migrate the JAX-RPC server-side extensions configuration
Migrate the server-side bindings file
Migrate the client-side bindings file
Migrate JAX-RPC WS-Security applications to V7.0 applications